1. Check the installed encryption components
[oracle@yuntestdb ~]$ adapters
Installed Oracle Net transport protocols are:
IPC
BEQ
TCP/IP
SSL
RAW
SDP/IB
Installed Oracle Net naming methods are:
Local Naming (tnsnames.ora)
Oracle Directory Naming
Oracle Host Naming
Oracle Names Server Naming
Installed Oracle Advanced Security options are:
RC4 40-bit encryption
RC4 56-bit encryption
RC4 128-bit encryption
RC4 256-bit encryption
DES40 40-bit encryption
DES 56-bit encryption
3DES 112-bit encryption
3DES 168-bit encryption
AES 128-bit encryption
AES 192-bit encryption
AES 256-bit encryption
MD5 crypto-checksumming
SHA-1 crypto-checksumming
Kerberos v5 authentication
RADIUS authentication
2. Configure network encryption. Only the server side needs to be configured; the client default setting is ACCEPTED.
SQLNET.ENCRYPTION_SERVER = requested
SQLNET.ENCRYPTION_TYPES_SERVER= (RC4_256)
3. To determine whether the encryption setting takes effect, see the official documentation:
https://docs.oracle.com/cd/E11882_01/network.112/e40393/asoconfg.htm#ASOAG9599
Client Setting | Server Setting | Encryption and Data Negotiation |
---|---|---|
REJECTED | REJECTED | OFF |
ACCEPTED | REJECTED | OFF |
REQUESTED | REJECTED | OFF |
REQUIRED | REJECTED | Connection fails |
REJECTED | ACCEPTED | OFF |
ACCEPTED | ACCEPTED | OFF |
REQUESTED | ACCEPTED | ON |
REQUIRED | ACCEPTED | ON |
REJECTED | REQUESTED | OFF |
ACCEPTED | REQUESTED | ON |
REQUESTED | REQUESTED | ON |
REQUIRED | REQUESTED | ON |
REJECTED | REQUIRED | Connection fails |
ACCEPTED | REQUIRED | ON |
REQUESTED | REQUIRED | ON |
REQUIRED | REQUIRED | ON |
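After changing sqlnet.ora there is no need to restart the listener.
To verify that traffic is encrypted, you can trace sqlnet. Before testing, add the following lines to sqlnet.ora, and delete them when you are done.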
#Trace file setup
trace_level_server=16
trace_level_client=16
trace_directory_server=/oracle/app/oracle/product/11.2.0/db_1/network/admin
trace_directory_client=/oracle/app/oracle/product/11.2.0/db_1/network/admin
trace_file_client=cli
trace_file_server=srv
trace_unique_client=true
diag_adr_enabled = off
Verification
[oracle@yuntestdb admin]$ cat srv_24360.trc |grep "encryption is active"
[29-JUL-2020 16:26:23:709] na_tns: encryption is active, using RC4_256
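The negotiation table in step 3 and the trace cleanup can also be checked mechanically. The following Python sketch is an added example, not part of the original post: it parses a sqlnet.ora, reports which client settings still get an unencrypted session under the server's setting, and flags leftover trace lines. The sample file content, the function names, treating an unset server parameter as ACCEPTED, and the cipher prefixes treated as legacy are assumptions of this example.

```python
import re

# Constructed sample: the server settings from step 2 plus leftover trace lines.
SAMPLE_SQLNET_ORA = """\
SQLNET.ENCRYPTION_SERVER = requested
SQLNET.ENCRYPTION_TYPES_SERVER= (RC4_256)
#Trace file setup
trace_level_server=16
diag_adr_enabled = off
"""

def parse_sqlnet(text):
    """Return {UPPERCASE_NAME: [UPPERCASE values]} for single-line name=value entries."""
    params = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" not in line:
            continue
        name, value = line.split("=", 1)
        params[name.strip().upper()] = [v.upper() for v in re.findall(r"[^\s(),]+", value)]
    return params

def negotiate(client, server):
    """Outcome per the negotiation table in step 3: 'ON', 'OFF' or 'FAIL'."""
    pair = {client, server}
    if "REJECTED" in pair:
        return "FAIL" if "REQUIRED" in pair else "OFF"
    return "OFF" if pair == {"ACCEPTED"} else "ON"

def audit(text):
    """List findings for the server side of a sqlnet.ora."""
    p = parse_sqlnet(text)
    # Assumption: an unset server parameter behaves like ACCEPTED, as on the client.
    server = p.get("SQLNET.ENCRYPTION_SERVER", ["ACCEPTED"])[0]
    findings = []
    clear = [c for c in ("REJECTED", "ACCEPTED", "REQUESTED", "REQUIRED")
             if negotiate(c, server) == "OFF"]
    if clear:
        findings.append(f"server={server}: unencrypted sessions possible for client {', '.join(clear)}")
    # Assumption: RC4, DES and 3DES variants are treated as legacy ciphers here.
    weak = [a for a in p.get("SQLNET.ENCRYPTION_TYPES_SERVER", []) if a.startswith(("RC4", "DES", "3DES"))]
    if weak:
        findings.append(f"legacy cipher(s) offered: {', '.join(weak)}")
    if any(k.startswith("TRACE_LEVEL_") and v not in (["0"], ["OFF"]) for k, v in p.items()):
        findings.append("trace_level_* still set: remove after verification")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_SQLNET_ORA)))
```

With the server set to REQUESTED, a client that sets REJECTED still connects in cleartext; only REQUIRED on the server turns that case into a failed connection.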
Packets become larger once encryption is enabled.
For the performance impact of encryption and decryption, see http://www.orafaq.com/wiki/Network_Encryption
Algorithm | None: Time | None: %None | MD5: Time | MD5: %None | SHA-1: Time | SHA-1: %None |
---|---|---|---|---|---|---|
None | 79.6 s | | 80.5 s | 101% | 82.4 s | 104% |
DES | 104.7 s | 132% | 107.1 s | 135% | 108.2 s | 136% |
3DES168 | 151.8 s | 191% | 153.9 s | 193% | 155.6 s | 196% |
AES128 | 88.8 s | 112% | 90.5 s | 114% | 92.1 s | 116% |
AES256 | 91.8 s | 115% | 93.5 s | 117% | 94.2 s | 118% |
RC4_128 | 81.6 s | 103% | 82.5 s | 104% | 85.0 s | 107% |
RC4_256 | 81.7 s | 103% | 82.8 s | 104% | 85.0 s | 107% |
Original link: Configuring network transport encryption with Oracle sqlnet. Please credit the source when reposting.